Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Adobe Flash insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
getsmart37 Adobe Flash insecure
Member 12th Aug, 2010 13:25
Ranking: 6
Posts: 23
User Since: 30th May, 2010
System Score: N/A
Location: AU
Today Thur 12th I had 4 Adobe Flash as insecure.

I saved each one to my desk top, put my Kaspersky IS2011 in pause then down loaded all the programs recommended

Now I am still getting two as Insecure and both the same titles.
Adobe Flash 10.X 10.1,53.64

I did exactly the same again it told me they were already installed and did I want to replace them etc

I did that and I am still getting the insecure message

I am running MS7 64 bit

I hope I have given you enough information.

Keith


Maurice Joyce RE: Adobe Flash insecure
Handling Contributor 12th Aug, 2010 13:33
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Keith,
How are U? This should clear it all up.
UPDATING STANDALONE ADOBE FLASH
===============================
Works with Windows XP,Vista & Windows 7 - 32 & 64 Bit systems.

If U have PSI version 1.9.0.2 installed have U tried the auto update feature?

OR

To successfully install Adobe Flash go here:
http://www.filehippo.com/download_flashplayer_ie/

& then here if U have any Gecko based (Firefox etc) browsers.

http://www.filehippo.com/download_flashplayer_fire...

The latest version is:10.1.82.76

1. Download & SAVE it to desktop.
2. The installer will appear on the desk top. Before agreeing to install check these programmes are closed:
a. All Browsers.
b. PSI.
c. Windows Messenger.
d. Incredimail.
e. Adobe Free Reader.

3. The new install will then remove all old files during the update process.
4. Complete a PSI rescan & all should be in order.
5. Delete the Flash installer from the desktop.

POSSIBLE PROBLEMS.
++++++++++++++++++

If U failed to complete 2. above U may well find PSI still shows a vulnerability on the rescan.

SOLUTION

1. Double check all items listed in 2. above are closed.
2. Navigate to:
32 Bit Systems - C:\Windows\system32\Macromedia\Flash
64 Bit Systems - C:\Windows\sysWOW64\Macromedia\Flash

In these locations U may well find these entries:
FLASH10D or E or H.OCX - Right click & delete it/them.
FLASH10i.OCX - The latest version which should be retained.


SOLUTION 2

1. Check the path to the vulnerability.

If PSI has found elements of Flash in the C:\i386 folder or on any drive other than C that is an OEM reinstallation partition (normally D drive) or a drive U use solely to backup your work U can safely create an ignore rule. It may also be in the Recycle Bin.

OPTIONAL EXTRA'S
++++++++++++++++

Security. (Fairly important if U care to check what Adobe attempt to store on a PC)
Adobe also have a very bad habit of changing your Flash settings each time they plug vulnerabilities. To change the security settings to your liking & regain control of your PC click here:

http://www.macromedia.com/support/documentation/en...

Click each tab U see & change the settings to your security requirements.

Bloat ware.(Very important if U dislike totally useless programmes installed on your PC)
If you used the Adobe site, rather than FileHippo to update you will also find they try or have installed an unnecessary Download Manager.

It is bloat ware by a third party Company called NOS. If found I would uninstall it via Add/Remove.

If this post has solved your problem could you please select the ACCEPT option. This will lock the thread and stop you & I from receiving unnecessary update emails.

Update 13 17:11 11/08/2010





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
irishfeat RE: Adobe Flash insecure
Member 13th Aug, 2010 03:19
Score: -8
Posts: 10
User Since: 6th Oct 2009
System Score: N/A
Location: N/A
What is PSI version 1.9.0.2 ? I can't find that on the website.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Adobe Flash insecure
Handling Contributor 13th Aug, 2010 08:36
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Link is here:

http://secunia.com/PSISetupAUTP.exe



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
whatdoesitwant RE: Adobe Flash insecure
Member 13th Aug, 2010 08:36
Score: 0
Posts: 1
User Since: 13th Aug 2010
System Score: N/A
Location: NL
I was notified of tuesdays security release for flash earlier this week but psi hadn't warned about the leak yet. After I let psi scan the program file manually it recognized the leak. I also noticed that updating the activex version of flash player did not make the security warning go away.
It tried to look in the file location but got an error: the path C:\Windows\Sys32\Macromed\Flash didn't exist.
After doing a scan for Flash10*.ocx in Explorer I found that Flash10h.ocx had a new home in C:\Windows\SysWOW64\Macromed\Flash
Flash10i.ocx had already been installed there correctly as well.
After removing Flash10h.ocx, Psi immediately recognized the threat to be gone.

I think that Psi isn't made properly aware of the new location of Flash10*.ocx on 64x versions of Windows 7. It doesn't expect SysWOW64 as the new path.

I wouldn't have expected a browser plugin to go 64bit either (although I think it's pretty cool: browsers have been kept at 32bits because of their plugin systems (think flash, java).
Was this reply relevant?
+0
-0
Maurice Joyce RE: Adobe Flash insecure
Handling Contributor 13th Aug, 2010 08:41
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 13th Aug, 2010 08:43
It is not a new home. That is how 64 Bit systems work when using 32 Bit programmes.

Check my long post above. It tells U exactly where the files are in a 32 Bit & 64 Bit system. Exactly where U found them.

There is a 64 Bit version of Java. Adobe cannot fix the 32 Bit correctly - hardly likely they will attempt a 64 Bit!

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
getsmart37 RE: Adobe Flash insecure
Member 13th Aug, 2010 08:46
Score: 6
Posts: 23
User Since: 30th May 2010
System Score: N/A
Location: AU
Last edited on 13th Aug, 2010 08:47
Hello Maurice

I was very tired when I started doing all the download etc.

Because of my poor eye sight and Secunia's fine print I missed one little link telling me to delete old program.

That is all it was I had down loaded correctly but had not 'Installed" the old program.

Sorry for any confusion

Keith
Was this reply relevant?
+0
-0
Maurice Joyce RE: Adobe Flash insecure
Handling Contributor 13th Aug, 2010 08:49
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Keith,
If U are all fixed up I would lock (Accept) this thread. That will prevent U from getting update emails from "tag on" posts.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
linkyy RE: Adobe Flash insecure
Member 13th Aug, 2010 09:06
Score: 0
Posts: 1
User Since: 6th Aug 2010
System Score: N/A
Location: N/A
I have got the warning that Adobe Flash Player 10.x is insecure.
I followed the link to uninstall it but on uninstall i get the message that it will continue when Internet Explorer is closed.
Problem is Internet Explorer was closed.
Tried again vis Recovery - uinstall a prog with same result.
In case you have not guesed its Windows 7.
Any help oer advice please.
Thanks
Was this reply relevant?
+0
-0
Maurice Joyce RE: Adobe Flash insecure
Handling Contributor 13th Aug, 2010 09:15
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 13th Aug, 2010 09:17
Not sure what U mean by link to uninstall. The installer does it for U.

Follow my long post above. It works every time if trying to update the standalone Flash.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
rpandolfo RE: Adobe Flash insecure
Member 21st Aug, 2010 01:38
Score: 0
Posts: 3
User Since: 10th Feb 2010
System Score: N/A
Location: US
Ref fol info:

Maurice Joyce
RE: Adobe Flash insecure
13th Aug, 2010 08:36

Link for PSI version 1.9.0.2 is here:

http://secunia.com/PSISetupAUTP.exe
--
Maurice

###################################

I run Windows XP. I clicked on the above link ans hit "Run", but it would not run - what should I do?

Bob

--
Bob
Was this reply relevant?
+0
-0
Maurice Joyce RE: Adobe Flash insecure
Handling Contributor 21st Aug, 2010 08:24
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Bob,
Just tested that link U posted - works perfectly. Have U tried the save option?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
rpandolfo RE: Adobe Flash insecure
Member 21st Aug, 2010 15:24
Score: 0
Posts: 3
User Since: 10th Feb 2010
System Score: N/A
Location: US
Got version 1.9.0.2 to load somehow, but when I clicked on it something called Microsoft DEP said it was dangerous to my computer (Windows XP), so I uninstalled it. Then I downloaded version 1.5.0.2 from Secunia website, and it shows as a program in "Start" "All Programs", but when I click on it to open it, it won't open, but no eplanatory pop-ups appear. Don't know what to do now.

--
Bob
Was this reply relevant?
+0
-0
Anthony Wells RE: Adobe Flash insecure
Expert Contributor 21st Aug, 2010 15:42
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Bob ,

Your symptoms would seem to be similar to a few folk who have similar problem(s) wit 1.5.0.2 and 1.9.0.2 on an XP OS .

A/this bug is being studied by Secunia , in the interim going back to version 1.5.0.1 has helped many ; here's te link if you wish to try , may save some time and effort :-


ftp://ftp.secunia.com/PSISetup1501.exe


This tread discusses the problem :-

http://secunia.com/community/forum/thread/show/482...

Hope this helps .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
rpandolfo RE: Adobe Flash insecure
Member 21st Aug, 2010 17:41
Score: 0
Posts: 3
User Since: 10th Feb 2010
System Score: N/A
Location: US
Last edited on 21st Aug, 2010 17:42
Thanks for the "thread" (very informative). I uninstalled V.1.5.0.2 and installed V1.5.0.1 as you recommended - all is fine now.

Bob

P.S. I am another in what seems a long line of Windows XP (SP3) users who have had a problem with Secunia V.1.5.0.2. & V.1.9.0.2.

--
Bob
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer